Schneider-electric

Ecostruxure Power Monitoring Expert

22 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2025-54927

  • EPSS 0.06%
  • Published 20.08.2025 13:51:04
  • Last modified 20.08.2025 14:39:07

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses a crafted path input that is processed by the sys...

7.2

CVE-2025-54926

  • EPSS 0.34%
  • Published 20.08.2025 13:48:02
  • Last modified 20.08.2025 14:39:07

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets...

7.5

CVE-2025-54925

  • EPSS 0.05%
  • Published 20.08.2025 13:44:21
  • Last modified 20.08.2025 14:39:07

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.

7.5

CVE-2025-54924

  • EPSS 0.07%
  • Published 20.08.2025 13:39:10
  • Last modified 20.08.2025 14:39:07

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.

8.7

CVE-2025-54923

  • EPSS 0.45%
  • Published 20.08.2025 13:30:04
  • Last modified 20.08.2025 14:39:07

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.

5.3

CVE-2025-6788

  • EPSS 0.06%
  • Published 11.07.2025 11:09:35
  • Last modified 15.07.2025 13:14:49

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that exposes TGML diagram resources to the wrong control sphere, providing other authenticated users with potentially inappropriate access to TGML diagrams.

5.4

CVE-2024-8401

  • EPSS 0.04%
  • Published 28.01.2025 17:15:25
  • Last modified 28.01.2025 17:15:25

CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product.

7.3

CVE-2024-9005

  • EPSS 0.14%
  • Published 08.10.2024 11:15:13
  • Last modified 13.03.2025 15:15:51

CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server.

7.8

CVE-2024-2229

  • EPSS 0.04%
  • Published 18.03.2024 16:15:09
  • Last modified 21.11.2024 09:09:18

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user.

6.1

CVE-2023-5986

  • EPSS 0.17%
  • Published 15.11.2023 04:15:19
  • Last modified 21.11.2024 08:42:55

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect...